We're updating the issue view to help you get more done. 

authenticate() test for locked/disabled accounts regardless of password match

Description

Locked or disabled accounts should always show the same error message regardless of whether the password is a match to avoid brute force/enumeration

Environment

None

Status

Assignee

Unassigned

Reporter

Justin Carter

Labels

None

Fix versions

Affects versions

FarCry 7.2

Priority

Major